Archive for the ‘English’ Category

No /dev/net/tun in xen Linux domU

Wednesday, August 20th, 2008

There is no persistent /dev/net/tun in a Xen Linux domU… A hacky workaround is to run

mkdir /dev/net && mknod /dev/net/tun c 10 200

at boot time (for example in rc.local or in the init.d script that needs it).

For example, a tun device is useful for an SSH VPN. Without it, you will get errors like:

channel 0: open failed: administratively prohibited: open failed

SFR GPRS with Debian

Wednesday, August 6th, 2008

I use a Nokia E65 phone and SFR (a French mobile phone provider). Note that there are at least two possibilities for access: wapsfr (for WAP browsing and, AFAIK, unlimited) and websfr (less restricted but high-cost). I will only speak about wapsfr here. To connect, the method is the same as in Orange SFR with Debian, except that you set wapsfr instead of orange.fr in the /etc/ppp/peers/gprs-wvdial.conf file. You are then connected, but access seems restricted to ports 80 and 443 via a proxy (a NetApp/6.0.7 NetCache appliance, as announced by the HTTP headers). For HTTP browsing, you must change your User-Agent to Vodafone/1.0/HTC_Mercury/1.23.163.5/Mozilla/4.0. Of course, there is no problem with HTTPS browsing. And for SSH (for example an SSH tunnel to get full Internet access), you can use corkscrew and an SSH server reachable on tcp/443 to bypass the proxy. Just “apt-get” it and launch:

ssh -o "ProxyCommand /usr/bin/corkscrew %h %p %h %p" -p 443 login@your_ssh_server

Set charset in XML_RSS

Tuesday, April 22nd, 2008

I wrote a quick hack for setting the charset in PEAR/XML_RSS 0.9.2 (such an annoying bug)… and then I discovered a similar patch in PEAR bug 2782 :-) and also that the beta versions (PEAR/XML_RSS >= 0.9.9) fixed it. Note that you need this feature to use an ISO8859-1 feed with PEAR/XML_RSS on a “UTF8 by default” system (like a standard installation of Debian Etch, for example).

Hack to have share items from Google reader in WordPress

Monday, April 7th, 2008

I migrated my blog to WordPress 2.5 and there is a cool feature: a widget to show a feed in the sidebar. At the same time, I now use Google reader, which lets me share blog entries with friends: when I find a nice blog entry, I tag it Share and Google reader aggregates all my favorite posts. Unfortunately, the RSS parser of WordPress is buggy with this Atom feed from Google reader. You can find a description of the problem in the WordPress forum (titles and links are incorrect because an Atom feed can have many tags per item). I wrote a dirty hack to correct this problem, and now you can find “My blogosphere” on the right of my blog.

Please don’t manage permissions of libnss-ldap.conf file with debconf

Friday, February 15th, 2008

During a random security upgrade on Debian:

# ls -l libnss-ldap.conf
-rw-r--r-- 1 root root 9863 2008-02-15 18:40 libnss-ldap.conf
# dpkg -l nscd | grep un
un  nscd           <none>         (no description available)
# aptitude upgrade
[...]
Preparing to replace libnss-ldap 251-7.5 (using .../libnss-ldap_251-7.5etch1_i386.deb) ...
Unpacking replacement libnss-ldap ...
Setting up libnss-ldap (251-7.5etch1) ...
# ls -l libnss-ldap.conf
-rw------- 1 root root 9863 2008-02-15 20:55 libnss-ldap.conf

Oops! With these permissions on the libnss-ldap.conf file, some services will break. For example, in a Postfix/LDAP configuration, Postfix local mail delivery will fail because it can’t find the homeDirectory of the local user. And the Postfix error message isn’t very explicit:

postfix/qmgr[12063]: warning: transport local failure --
see a previous warning/fatal/panic logfile record for the problem description

For more details, see my post on #455907
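A check that could be run after such an upgrade, as an added example that is not part of the original post: it classifies a libnss-ldap.conf by its mode, and also flags the opposite risk of a world-readable file that carries a bind password. It assumes GNU stat and the `bindpw` directive of libnss-ldap.conf; the function name, file names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify a libnss-ldap.conf
# by file mode and content. Prints: ok | unreadable | exposed-bindpw | missing
audit_nss_ldap_conf() {
    conf=$1
    [ -f "$conf" ] || { echo missing; return 0; }
    mode=$(stat -c %a "$conf")      # GNU stat: octal mode, e.g. 644 or 600
    other=$(( mode % 10 ))          # last digit holds the "other" bits
    if [ $(( other & 4 )) -eq 0 ]; then
        # Non-root services (no nscd in front) cannot read the NSS config.
        echo unreadable
    elif grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$conf"; then
        # World-readable and carrying a bind password: credential exposure.
        echo exposed-bindpw
    else
        echo ok
    fi
}

# Constructed sample files (contents and names are illustrative only).
demo_dir=$(mktemp -d)
printf 'base dc=example,dc=org\nuri ldap://127.0.0.1/\n' > "$demo_dir/anon.conf"
cp "$demo_dir/anon.conf" "$demo_dir/locked.conf"
printf 'base dc=example,dc=org\nbindpw not-a-real-secret\n' > "$demo_dir/bind.conf"
chmod 644 "$demo_dir/anon.conf" "$demo_dir/bind.conf"
chmod 600 "$demo_dir/locked.conf"

for f in anon.conf locked.conf bind.conf absent.conf; do
    printf '%-12s %s\n' "$f" "$(audit_nss_ldap_conf "$demo_dir/$f")"
done
```

The `unreadable` result corresponds to the `-rw-------` state shown after the upgrade above.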

Timezone for Apache logs

Saturday, September 29th, 2007

Yesterday I installed RT on an Apache/mod_perl server with the default config in the RT_Config.pm file:

Set($Timezone , 'US/Eastern');

I included PerlRequire webmux.pl in its VirtualHost, and I discovered today that this directive changes the timezone for all Apache log files! Weird behavior… and I confirm that this server is hosted in Marseille (France), not in the USA ;-)

JOIN syntax changes in MySQL 5

Saturday, September 15th, 2007

Migrating applications to MySQL 5 may require some rewriting. Here is one example:

mysql5> SELECT * FROM table0, table1 JOIN table2 on table0.colA = table2.colB;
ERROR 1054 (42S22): Unknown column 'table0.colA' in 'on clause'

That’s because the JOIN operator now has higher precedence than the comma operator. Previously, this query was interpreted as ((table0, table1) JOIN table2) and now it is interpreted as (table0, (table1 JOIN table2)), so table0 is not visible in the ON clause. A quick fix is to add parentheses:

mysql5> SELECT * FROM (table0, table1) JOIN table2 on table0.colA = table2.colB;

You can find more information in MySQL bug #13832 and in the MySQL manual (see the Join Processing Changes in MySQL 5.0.12 section).

pppoeconf in git repository

Monday, September 10th, 2007

git is the SCM developed for the Linux kernel after the famous affair with the proprietary BitKeeper system. There are good tutorials for git (for example, the official one) and a fun video talk with the “Linus touch”. I’m “yet another victim” of the buzz^Wpopularity of git (particularly in the Debian community):
git://git.debian.org/git/collab-maint/pppoeconf.git

Orange GPRS with Debian

Wednesday, June 27th, 2007

I use a Nokia 6630 phone and Orange (a French mobile phone provider).
Plug it in via USB (you must have /dev/ttyACM0).

apt-get install ppp wvdial

And create these 3 files.

/etc/ppp/peers/gprs file:

lcp-echo-failure 0
lcp-echo-interval 0
nodetach
debug
show-password
connect "/usr/bin/wvdial --chat --config /etc/ppp/peers/gprs-wvdial.conf foo"
disconnect /etc/ppp/peers/gprs-disconnect-chat
/dev/ttyACM0
115200 # fast enough
crtscts # serial cable, Bluetooth and USB, on some occasions with IrDA too
local
:10.0.0.1
noipdefault
ipcp-accept-local
defaultroute
usepeerdns
novj
nobsdcomp
novjccomp
nopcomp
noaccomp
noauth
user "user"

/etc/ppp/peers/gprs-wvdial.conf file:

[Dialer foo]
Init1 = ATH
Init2 = ATE1
Init3 = AT+CGDCONT=1,"IP","orange.fr","",0,0
Dial Command = ATD
Phone = *99#
Username = orange
Password = orange

/etc/ppp/peers/gprs-disconnect-chat file:

#!/bin/sh

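# Each line but the last ends with a backslash so that all expect/send
# pairs are passed to chat as arguments of a single command.
exec /usr/sbin/chat -V -s -S \
ABORT          "BUSY" \
ABORT          "ERROR" \
ABORT          "NO DIALTONE" \
SAY            "\nSending break to the modem\n" \
""             "\K" \
""             "+++ATH" \
SAY            "\nPDP context detached\n"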

Finally you can:

pppd call gprs

Note that with Orange you can’t use the SSH port (port 22), but the other classic ports are open: 21, 25, 80, 110, 143, 443, 993 and 995.

Update in 2008: you can now use the SSH port!

How to secure Livebox ADSL connection

Sunday, June 10th, 2007

My mission this weekend was to secure my parents’ France Telecom ADSL access. The ADSL connection is made with a Livebox, a router/modem box. But it’s not easy to manage (no command-line access, limited functionality), so I shut down DHCP and Wi-Fi on the Livebox and put in a famous WRT54G to have powerful and secure services. Of course, I used OpenWRT with dnsmasq (a small and flexible DNS cache and DHCP server), dropbear (SSH server) and network utilities (tcpdump, nmap, iptables, snmpd). For Wi-Fi connectivity, I configured the access point to use WPA2/EAP/PSK with a 63-character random passphrase. All tests were OK with the Windows XP native WPA client, Linux wpa_supplicant and even a Nintendo Wii.

Mission Accomplished!